Abstract. How to better achieve secure and correctly functioning software
systems, regardless of their origins, application domain, or operational
environments? Engaging a knowledgeable team of educators to develop curricula,
courses, and other materials for the discipline of software assurance is but the
start. If we build it, will they come? In this paper, I explore strategies this team
of educators used to encourage the community of computing educators to
adopt software assurance curricula.

Background 

Our lives and our world depend on software. Highly complex,
interdependent software systems are critical to virtually every
aspect and domain of society today. However ubiquitous software
has become, security advances have not been commensurate
with the vital role software now plays. As a consequence,
our exposure to risk is ever increasing.

The complexity of software and software-intensive systems
has inherent risk: it obscures the essential intent of the
software, masks potentially harmful uses, precludes exhaustive
testing, and also introduces additional problems with respect to
the operation and maintenance of the software. The interdependence
of these systems means attackers can focus on the most
vulnerable component to damage the larger system(s), while
today’s interconnectivity makes the proliferation of malware
easy, but the identification of its source difficult [1]. Threats are
large and diverse, from unsophisticated opportunists to technically
savvy entities backed by organized crime [2], nation states,
and similar organizations with malicious intent.

Software  Assurance  Curriculum  Project 

Understanding the importance of the software assurance
discipline for protecting national infrastructures and systems, the
DHS National Cyber Security Division has recognized the growing
need for skilled practitioners in this area. At the direction
of DHS, researchers in SEP at Carnegie Mellon University
developed the Software Assurance Curriculum Project (SwACP).
The SwACP development team is composed of knowledgeable
educators from a number of institutions of higher education,
who collectively have substantial background in software
assurance research, software engineering research and practice,
and software engineering education [3], and who participate in
related professional society curricula development.

What is software assurance? The definition used by the
SwACP team is, “Software assurance (SwA) is the application
of technologies and processes to achieve a required level of
confidence that software systems and services function in the
intended manner, are free from accidental or intentional
vulnerabilities, provide security capabilities appropriate to the threat
environment, and recover from intrusions and failures [4].” This
is a slight extension of the Committee on National Security
Systems’ definition [5] used by our DHS sponsor.

Many  colleges  and  universities  have  degree  programs  in 
areas  such  as  software  engineering  and  information  security, 
but  programs  and  tracks  in  software  assurance  are  lacking.  The 
work  of  the  SwACP  addresses  this  gap. 

The  focus  of  the  SwACP  is  to: 

•  Identify  a  core  body  of  knowledge  that  educational 
institutions  can  use  to  develop  Master  of  Software 
Assurance  (MSwA)  degree  programs 

•  Mentor  universities  in  developing  standalone  MSwA  degree 
programs  and  tracks  within  existing  software  engineering 
and  computer  science  master’s  degree  programs 

•  Promote  an  undergraduate  curriculum  specialization  for 
software  assurance 

•  Address  community  college  needs 

To date the SwACP team has produced four volumes:

• Master of Software Assurance Reference Curriculum [4]

• Undergraduate Course Outlines [6]

• Master of Software Assurance Course Syllabi [7]

• Community College Education [8]

In addition to these reports, the team also developed papers
[1, 3, 9, 10, 11], presentations [12, 13], and workshops [14].

Both the Association for Computing Machinery (ACM) and
the IEEE Computer Society (IEEE-CS) have recognized the
MSwA Reference Curriculum as appropriate for a master’s
program in software assurance. This formal recognition signifies
to the educational community that the MSwA Reference
Curriculum is suitable for creating graduate programs or tracks in
software assurance.

Outreach 

Defining transition strategies for future implementation of the
software assurance curricula is one of the goals of the SwACP.
Many SwACP team members had been previously involved in
curriculum work and understood the need to have a comprehensive
plan for promoting the transition and adoption of the
various curricula. In the academic world, transition is a lengthy
process, with a number of potential barriers to adoption. While
introducing one new elective course may be relatively easy,
introducing a new track takes significant effort, and adding a new
degree program is a real challenge. Many barriers exist:
insufficient interested students in the surrounding geographic area,
lack of qualified faculty, lack of administrative support, funding,
etc. For the SwACP to succeed, a comprehensive outreach and
promotional plan was needed.

For the first volume produced, the MSwA Reference
Curriculum, planned promotional activities targeting educators
included [3]:

• Publicity: SwACP team members disseminated announcements,
press releases, and flyers regarding the team’s work
via email, websites, educational publications, and professional
societies; they also distributed promotional materials to
colleagues when they attended conferences.

• Software assurance education discussion group: We
established a LinkedIn discussion group in which faculty
interested in implementing all or portions of the curriculum could
interact with the team and other colleagues who are using
the curriculum.

• Awareness: Team members conducted and videotaped
an awareness-raising faculty workshop at the Conference on
Software Engineering Education and Training (CSEET) 2010
[14]. This workshop was among the various presentations
given at faculty and curriculum development venues.
Additionally, an overview podcast was produced, including a discussion
of what students and employers can expect.

• Mentoring: The SwACP team is mentoring universities
and faculty members who wish to offer a course, track, or
MSwA degree program. This support includes review of
implementation plans and course outlines and advice on references
and other materials.

• Publication: SwACP team members have written papers
and given talks on the curriculum.

• Professional society recognition: As mentioned previously, both
ACM and IEEE-CS officially recognize the MSwA curriculum.

For transition and promotion of the MSwA Reference Curriculum,
early adoption is important. The Stevens Institute of Technology,
home of one of the SwACP team members, was the first
school to adopt elements of the curriculum: it has developed two
tracks in software assurance within its Master of Science in
Software Engineering program. One track is for students who
anticipate a career in secure software development, while the other is
for students interested in acquisition and management of trusted
software systems. For those students who already have an
advanced degree or who are not ready to commit to a full graduate
program, graduate certificates are available [3]. Consideration
and plans for adoption of courses and tracks are underway at the
universities of the team members, as well as other schools.

Outreach:  Leverage  and  Trust 

For the MSwA curriculum transition and promotion goal, all
planned activities were successfully completed and continue
to be pursued. Long term, a key point of leverage is the
continued participation by SwACP team members in reviewing
and updating professional society curriculum guidelines. For
example, SwACP team member Mark Ardis is the chair of the
Software Engineering 2004 Review Task Force, a joint effort
of the ACM and the IEEE-CS. This task force has collected
comments from the software engineering community about
the need to update Software Engineering 2004, the
recommended guidelines for undergraduate software engineering
education. Ardis noted that several reviewers had
commented on the need for more material on software security
and assurance. SwACP team member Elizabeth Hawthorne
is chair of the ACM Committee for Computing Education
in Community Colleges and is also a member of the ACM
delegation to the Steering Committee of the joint ACM and
IEEE-CS Computing Curriculum: Computer Science 2013,
an effort in its planning stages focused on international
curricular guidelines for undergraduate programs in computing.
She reported that one new knowledge area under
consideration is dedicated to “computer security” (called Information
Assurance and Security). Through these relationships, the
SwACP team can stay updated and engaged with current
curricula development efforts and seek ways to leverage the
curricula the team developed in graduate, undergraduate, and
community college programs.

In the short term, the need for quick educational community
feedback on draft SwACP documents and for broader
awareness and involvement suggested a focused leveraging of trusted,
personal relationships, in addition to the promotion and transition
mechanisms already cited. Specifically, I was tasked with
extending the SwACP team’s ongoing efforts to faculty and entities
whom I knew to be involved in course, resource, and curriculum
development for software engineering, information systems,
information assurance, computer science, information security, etc. at
the master’s, undergraduate, and community college levels. By no
means was this complete coverage, but the trusted relationships
increased the likelihood that faculty would engage (and
redistribute the information). Utilizing relationships with other colleagues,
appropriate faculty at, for example, the U.S. Service Academies,
were specifically targeted via a trusted intermediary.

Targeted faculty included:

• Past participants in the National Science Foundation (NSF)-funded
Information Assurance Capacity Building Program at
Carnegie Mellon University

• Principal investigators of the 15 NSF-funded Advanced
Technological Education (ATE) Centers and through the NSF
ATE program manager to other NSF program managers

• Those at 17 NSA/DHS Centers of Academic Excellence in
IA Education (CAE/IA) and CAE-Research (CAE-R)
programs

• California State University Discipline Council (department
heads of computer science, information science/information
systems, and software engineering at the 23 schools that make
up the council)

• Participants in the educational outreach and curriculum
development activities and members of the NSF Science and
Technology Center Team for Research in Ubiquitous Secure
Technologies

• Members of the Association of Computer/Information
Sciences and Engineering Departments at Minority Institutions

• Members of various faculty email lists, including personal
lists of faculty in related disciplines interested in course and
curriculum development, and those working on articulation
agreements with community colleges

• U.S. service academies and postgraduate schools

Over the years, faculty from these entities formed
collaborative relationships to create, adapt, adopt, and share new
materials as appropriate for their departments and prospective
students, as well as for others. Given their interest in related
disciplines, these communities of interest were prime targets for
our outreach effort.

In addition to faculty and academic institutions, it was important
to leverage related government and practitioner efforts.
Collaborating with organizations in the DoD and NIST, the DHS National
Cyber Security Division Software Assurance (SwA) Program
co-sponsors the Software Assurance Community. In this community,
members of government, industry, and academia come together
to discuss, develop, and implement software security practices,
methodologies, and technologies in forums and working groups.
Because of SwACP team member participation in this community,
the 15th semi-annual SwA Forum in September 2011 examined the
implications of trends and emerging factors in training and
education for software assurance workers. The NIST National Initiative
for Cybersecurity Education (NICE) has a goal to “bolster formal
cybersecurity education programs encompassing kindergarten
through 12th grade, higher education and vocational programs.” At
the December 2011 DHS Working Group meeting, co-chaired by
the SwACP team lead, Nancy Mead, the alignment with NICE was
discussed.

Outreach  Outcomes 

From the beginning, the SwACP recognized the importance
of transition strategies for the implementation of the software
assurance curricula, including the ongoing promotion of the
curriculum work and outreach to the various communities of interest
to encourage them to participate. Given the time constraints, the
various educational levels addressed, and potential constituencies
involved, multiple people and entities employed multiple outreach
mechanisms, coordinating where possible with related efforts.

Challenges  to  our  outreach  effort  include  the  usual  potential 
barriers  to  adoption  of  courses,  tracks,  and  curricula,  including  the 
time  and  resources  needed,  especially  in  light  of  sometimes-severe 
funding  cuts  in  departments.  Another  challenge  was  the  alignment 
and  timing  regarding  revision  cycles  of  both  departmental  and  the 
related  professional  curriculum  development  efforts. 

Outreach mechanisms that are proving effective include:

• The Build Security In website, sponsored by DHS, and the
SEI MSwA website

• Ongoing SwACP team member participation (previously and
currently) with professional curricula development activities

• Papers and presentations at appropriate educator
conferences and workshops

• Leveraging trusted relationships with educators in related
disciplines to increase the likelihood of engagement and
dissemination (to other interested faculty) of information related to
SwA curricula and content.

One example of successfully leveraging trusted relationships
with educators is the Department of Computer Science at the
U.S. Air Force Academy. They recently undertook a curriculum
review that defined multiple cross-curricular initiatives to support
program outcomes, including “secure programming” (security
and software assurance) [15]. Among the resources used was
the Undergraduate Course Outlines [6]. They are also
considering the development of some undergraduate course exercises
and projects that focus on secure coding and software
assurance, to be incorporated into existing undergraduate courses
as a means to integrate these topics as “natural and normal
practices inherent to software development.”

Faculty and educators have contacted the SwACP team lead
for information about how to build a BS or MS program with an
SwA concentration. One department at the University of Houston
has adopted significant portions of the software assurance
curriculum in their program by incorporating elements in several
courses, where appropriate, with the majority in focus courses
(two each in the undergraduate and graduate programs).

Other outreach mechanisms are early in their respective cycles
or require more of a critical mass to be effective. For example,
the Software Assurance Education discussion group on LinkedIn
provides a forum for faculty to share problems and experiences
in teaching software assurance courses. As more educators
incorporate software assurance topics, modules, and courses into
their departmental programs, we hope they will utilize this forum.
Ongoing participation in the related government and practitioner
efforts will help with the alignment and leveraging of these
activities, with the common goal to increase awareness, participation,
and adoption of appropriate software assurance practices.

Summary 

The SwACP team feels that software assurance education at
all levels is essential to ensure that software and software-intensive
systems are developed with assurance in mind [11]. While
software assurance supports and complements the educational
objectives of a software engineering program, it also supports
and complements the educational objectives of related disciplines
such as computer science and information systems. Engaging
knowledgeable educators experienced in related curriculum
development to produce software assurance curricula and related
materials is but one part of this DHS-funded effort. Multiple
mechanisms must be continually utilized to reach the various
educator communities to increase awareness, encourage
participation, and ultimately adopt software assurance topics, courses,
tracks, and curricula. Certain outreach strategies have proved to
be successful in the relatively short time the SwACP has been in
existence. Leveraging professional curricula development entities,
as well as alignment with related government efforts, while longer
term, should provide the foundation for sustainment.